[iexplore.exe] I have 2 iexplore.exe

Solved
JamaisContent Posts: 5 Status: Member
Hello, I have 2 iexplore.exe in my processes, is that normal? Since I use Firefox I have some doubts. Ad-Aware and Spybot found nothing; could you please check? Here is my HijackThis report.

Logfile of HijackThis v1.99.1
Scan saved at 19:22:39, on 19/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\Caere\OmniPagePro90\opware32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ntvdm.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Documents and Settings\Olivier\Bureau\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro90\opware32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [BYTE GRIM] C:\DOCUME~1\Olivier\APPLIC~1\WAITFU~1\CASHNEW.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Configuration: Windows XP
Firefox 2.0.0.2

10 replies

  1. zBr
     
    Hi JamaisContent

    Your PC is infected with the Lop adware; download this
    Double-click Lopxpv3.exe.
    A new folder, Lopxpv3, will appear on your desktop.
    Inside it, run the file Lopxp.bat.
    When it has finished its job, copy and paste the contents of the lop.txt file here, following your message.

    See you
  2. JamaisContent Posts: 5 Status: Member
     
    Hi zBr, thanks for your help, here is the report

    ------------------------------------------------
    Rapport Lopxp fait le lun. 19/03/2007 à 20:48:00,89
    ------------------------------------------------

    Exécuté dans C:\Documents and Settings\Olivier\Bureau\Lopxpv3

    /!\ Attention /!\

    Les résultats de ce rapport sont sujets à interprétations,
    Et ne démontrent pas systématiquement des dossiers infectés...

    _________________________________________________________________

    ## Processus

    /!\ Utilisation suspecte par un processus, d'Internet Explorer :

    iexplore.exe pid: 3220 54C: C:\DOCUME~1\ALLUSE~1\APPLIC~1\OWNSTI~1\LISTTY~1.EXE

    /!\ Utilisation suspecte par un processus, d'Internet Explorer:

    iexplore.exe pid: 3512 4EC: C:\Documents and Settings\All Users\Application Data\OWNSTITLEBAITSIZE\live open ball

    _________________________________________________________________

    ## Recherche prédéterminé dans C:\Program Files

    [X] C:\Program Files\BitGrabber Présent ! Installé le: 18/03/2007

    Recherche des dossiers crées le 18/03/2007 :

    C:\Program Files\waitfunkbind
    C:\Documents and Settings\All Users\Application Data\OWNSTITLEBAITSIZE

    _________________________________________________________________

    ## Tâches planifiées cachées

    (Panneau de configuration > Tâches planifiées > Menu "Avancé" > Afficher les tâches masquées)

    Suspect : C:\WINDOWS\Tasks\B52842AE9A0BF42A.job

    _________________________________________________________________

    ## Détection des paramètres de désinstallation du sponsor P2P:
    (BitDownload,BitGrabber,BitRoll,NetPumper,TorrentQ,Torrent101...)

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\birdbashbits]

    DisplayName REG_SZ CiD Help
    UninstallString REG_SZ C:\DOCUME~1\Olivier\APPLIC~1\WAITFU~1\CASHNEW.exe -uninstall

    - Label de désinstallation listé "CiD Help" dans Ajout/Supression de Programmes.

    _________________________________________________________________

    ## Listing des dossiers des répertoires Application Data

    C:\Documents and Settings\All Users\Application Data

    05/02/2007 17:18 <REP> Adobe
    30/01/2007 21:07 <REP> BOONTY
    30/12/2006 15:32 <REP> CyberLink
    30/12/2006 13:31 <REP> DVD Shrink
    29/12/2006 23:10 <REP> Google
    29/12/2006 23:10 <REP> Google Updater
    04/03/2007 14:54 <REP> InstallShield
    10/02/2007 11:50 <REP> Microsoft
    13/01/2007 14:27 <REP> Microsoft Help
    29/12/2006 18:09 <REP> NVIDIA
    29/12/2006 18:14 <REP> nView_Profiles
    18/03/2007 19:11 <REP> OWNSTITLEBAITSIZE
    19/03/2007 19:30 <REP> Spybot - Search & Destroy
    31/12/2006 16:43 <REP> Windows Genuine Advantage

    C:\Documents and Settings\Olivier\Application Data

    05/02/2007 17:10 <REP> Adobe
    05/02/2007 17:17 <REP> AdobeUM
    04/03/2007 16:16 <REP> Canon
    03/03/2007 16:02 <REP> Command & Conquer 3 Tiberium Wars Demo
    30/12/2006 15:32 <REP> CyberLink
    19/03/2007 20:46 <REP> DMCache
    19/02/2007 18:41 <REP> Google
    29/12/2006 16:53 <REP> Identities
    30/12/2006 16:47 <REP> IDM
    02/03/2007 17:44 <REP> IGN_DLM
    29/12/2006 23:19 <REP> Lavasoft
    30/12/2006 12:22 <REP> Logitech
    02/03/2007 16:10 <REP> Macromedia
    22/02/2007 19:49 <REP> Microsoft
    07/01/2007 19:16 <REP> Mozilla
    25/02/2007 19:41 <REP> Sun
    30/12/2006 16:03 <REP> Talkback
    30/12/2006 16:03 <REP> Thunderbird
    14/01/2007 14:51 <REP> Torrent101
    10/02/2007 11:50 <REP> Uniblue
    18/03/2007 18:59 <REP> uTorrent
    09/03/2007 22:56 <REP> Vso
    18/03/2007 19:11 <REP> waitfunkbind

    C:\Documents and Settings\Olivier\Local Settings\Application Data

    29/12/2006 23:21 <REP> Adobe
    06/03/2007 19:26 <REP> ApplicationHistory
    03/03/2007 15:59 <REP> Downloaded Installations
    06/03/2007 19:39 <REP> GameSpy
    17/03/2007 19:59 <REP> Google
    30/12/2006 12:32 <REP> Identities
    08/03/2007 17:55 <REP> Microsoft
    13/01/2007 12:38 <REP> Microsoft Help
    07/01/2007 19:16 <REP> Mozilla
    12/01/2007 18:43 <REP> Oblivion
    13/01/2007 14:19 <REP> PCHealth
    30/12/2006 16:03 <REP> Thunderbird

    ____________________________________________

    ## Listing des dossiers dans C:\Program Files

    29/12/2006 23:11 <REP> Adobe
    30/12/2006 15:29 <REP> Ahead
    20/02/2007 23:04 <REP> Alcatel
    30/12/2006 00:09 <REP> Alcohol Soft
    29/12/2006 17:31 <REP> Alwil Software
    30/12/2006 12:41 <REP> ArcSoft
    30/12/2006 13:21 <REP> Ashampoo
    18/03/2007 19:34 <REP> BitGrabber
    30/01/2007 21:07 <REP> BoontyGames
    30/12/2006 12:42 <REP> Caere
    19/03/2007 19:11 <REP> CCleaner
    19/03/2007 19:03 <REP> CleanUp!
    29/12/2006 16:46 <REP> ComPlus Applications
    30/12/2006 13:28 <REP> coverXP
    05/03/2007 19:28 <REP> Cyanide
    30/12/2006 15:31 <REP> CyberLink
    04/01/2007 16:35 <REP> DIFX
    30/12/2006 13:31 <REP> DVD Shrink
    03/03/2007 20:23 <REP> Electronic Arts
    25/02/2007 00:04 <REP> ESET
    25/02/2007 19:39 <REP> Fichiers communs
    06/01/2007 01:20 <REP> FlashGet
    17/03/2007 19:59 <REP> Google
    29/12/2006 23:54 <REP> Grisoft
    30/12/2006 12:35 <REP> Hewlett-Packard
    30/12/2006 12:34 <REP> hp deskjet 5550 series
    08/02/2007 19:09 <REP> IGN
    10/02/2007 18:51 <REP> Internet Download Manager
    24/02/2007 23:58 <REP> Internet Explorer
    13/01/2007 19:10 <REP> IZArc
    25/02/2007 19:40 <REP> Java
    29/12/2006 23:10 <REP> Lavasoft
    30/12/2006 12:21 <REP> Logitech
    31/12/2006 16:52 <REP> Messenger
    29/12/2006 16:49 <REP> microsoft frontpage
    13/01/2007 14:35 <REP> Microsoft Office
    13/01/2007 14:35 <REP> Microsoft Visual Studio
    29/12/2006 17:01 <REP> Movie Maker
    18/03/2007 19:08 <REP> Mozilla Firefox
    02/03/2007 15:21 <REP> Mozilla Thunderbird
    08/02/2007 18:43 <REP> MSBuild
    29/12/2006 16:46 <REP> MSN
    29/12/2006 16:46 <REP> MSN Gaming Zone
    09/02/2007 14:52 <REP> MSN Messenger
    13/01/2007 12:05 <REP> MSXML 4.0
    09/02/2007 15:12 <REP> Multi_Media
    29/12/2006 17:00 <REP> NetMeeting
    13/01/2007 15:41 <REP> NVIDIA Corporation
    13/01/2007 15:19 <REP> OO Software
    31/12/2006 17:03 <REP> Outlook Express
    08/02/2007 18:41 <REP> Reference Assemblies
    29/12/2006 16:46 <REP> Services en ligne
    10/02/2007 11:51 <REP> Spybot - Search & Destroy
    30/12/2006 13:15 <REP> ToniArts
    25/02/2007 19:37 <REP> uTorrent
    30/12/2006 15:36 <REP> vso
    18/03/2007 19:10 <REP> waitfunkbind
    29/12/2006 18:34 <REP> Western Digital Technologies
    31/12/2006 19:45 <REP> Windows Media Connect 2
    31/12/2006 19:44 <REP> Windows Media Player
    29/12/2006 17:00 <REP> Windows NT
    08/02/2007 19:00 <REP> WinRAR
    29/12/2006 16:49 <REP> xerox

    _________________________________________________________________

    ## Recherche dans le registre

    # Clés de démarrage :

    * HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    BYTE GRIM REG_SZ C:\DOCUME~1\Olivier\APPLIC~1\WAITFU~1\CASHNEW.exe
    _________________________________________________________________

    ## Modification du fichier Hosts

    127.0.0.1= Url bloquée Autre= Redirection


    _________________________________________________________________

    # Popups autorisées

    * Internet Explorer

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow
    *.ogame259.de REG_BINARY
    netsearchsoft.com REG_SZ
    www.netsearchsoft.com REG_SZ
    netbios-wait.com REG_SZ
    www.netbios-wait.com REG_SZ

    * Mozilla Firefox (1 autorisé 2 interdit)

    host popup 1 www.developpez.net
    host popup 1 www.ledivx.com
    host popup 1 www.emule-mania.com
    host popup 1 diablo2.judgehype.com
    host popup 1 www.jeuxanimes.com
    host popup 1 www.abannonces.com
    host popup 1 www.grandtheftauto.fr

    * Suite Mozilla / SeaMonkey (1 autorisé 2 interdit)

    _________________________________________________________________

    ## Zones de sécurité

    * HKCU Domains (4)

    * P3P History (5)

    _________________________ Fin du rapport ________________________
  3. zBr
     
    Hi

    These two programs are responsible for the ads you are getting at the moment: BitGrabber, Torrent101
    By installing them you also chose to install a rather cumbersome sponsor lol.

    In Add/Remove Programs, uninstall CiD help.
    Then:
    Start >> Run and type %temp%
    In the window that opens, delete the files with the *.exe extension, if there are any.

    Restart your PC and run Loxpv3.bat again, and this time choose option 2 "Mode avancé" (advanced mode) and then type 1
    Post the report that appears in Notepad.

    See you
  4. JamaisContent Posts: 5 Status: Member
     
    Me again, here is the report. Great, it worked, thanks a lot

    LopP2P : lun. 19/03/2007 21:24:13,51

    FixP2P Mode

    ________________________________
    ## Arrêt des processus

    Effectué.
    ________________________________
    ## Nettoyage du registre:

    Nettoyage effectué

    ________________________________
    ## Suppression des dossiers:

    C:\Program Files\BitGrabber Supprimé
    C:\Documents and Settings\Olivier\Application Data\Torrent101 Supprimé
    C:\My downloads Supprimé

    Thanks again, see you
  6. zBr
     
    Good... Did the uninstallation of CiDhelp go well?

    Now post a new HijackThis report and one last Lopxpv3 report, option 1 "Rechercher/Générer un rapport" (search/generate a report).

    Could you tell me which site you downloaded uTorrent from?
    The official site or somewhere else?

    See you
  7. JamaisContent Posts: 5 Status: Member
     
    I downloaded it from the official site. I downloaded a program with µTorrent, unpacked it,
    and ran the install file, which was in fact BitGrabber. My antivirus detected a trojan, which it removed, then I had some slowdowns.

    Here are the reports

    Logfile of HijackThis v1.99.1
    Scan saved at 21:38:57, on 19/03/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
    C:\Program Files\Caere\OmniPagePro90\opware32.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\oodag.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Olivier\Bureau\hijack\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
    O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro90\opware32.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    Lop report

    ------------------------------------------------
    Rapport Lopxp fait le lun. 19/03/2007 à 21:49:43,23
    ------------------------------------------------

    Exécuté dans C:\Documents and Settings\Olivier\Bureau\Lopxpv3

    /!\ Attention /!\

    Les résultats de ce rapport sont sujets à interprétations,
    Et ne démontrent pas systématiquement des dossiers infectés...

    _________________________________________________________________

    ## Processus

    _________________________________________________________________

    ## Recherche prédéterminé dans C:\Program Files

    _________________________________________________________________

    ## Tâches planifiées cachées

    (Panneau de configuration > Tâches planifiées > Menu "Avancé" > Afficher les tâches masquées)

    _________________________________________________________________

    ## Détection des paramètres de désinstallation du sponsor P2P:
    (BitDownload,BitGrabber,BitRoll,NetPumper,TorrentQ,Torrent101...)

    _________________________________________________________________

    ## Listing des dossiers des répertoires Application Data

    C:\Documents and Settings\All Users\Application Data

    05/02/2007 17:18 <REP> Adobe
    30/01/2007 21:07 <REP> BOONTY
    30/12/2006 15:32 <REP> CyberLink
    30/12/2006 13:31 <REP> DVD Shrink
    29/12/2006 23:10 <REP> Google
    29/12/2006 23:10 <REP> Google Updater
    04/03/2007 14:54 <REP> InstallShield
    10/02/2007 11:50 <REP> Microsoft
    13/01/2007 14:27 <REP> Microsoft Help
    29/12/2006 18:09 <REP> NVIDIA
    29/12/2006 18:14 <REP> nView_Profiles
    19/03/2007 19:30 <REP> Spybot - Search & Destroy
    31/12/2006 16:43 <REP> Windows Genuine Advantage

    C:\Documents and Settings\Olivier\Application Data

    05/02/2007 17:10 <REP> Adobe
    05/02/2007 17:17 <REP> AdobeUM
    04/03/2007 16:16 <REP> Canon
    03/03/2007 16:02 <REP> Command & Conquer 3 Tiberium Wars Demo
    30/12/2006 15:32 <REP> CyberLink
    19/03/2007 20:46 <REP> DMCache
    19/02/2007 18:41 <REP> Google
    29/12/2006 16:53 <REP> Identities
    30/12/2006 16:47 <REP> IDM
    02/03/2007 17:44 <REP> IGN_DLM
    29/12/2006 23:19 <REP> Lavasoft
    30/12/2006 12:22 <REP> Logitech
    02/03/2007 16:10 <REP> Macromedia
    22/02/2007 19:49 <REP> Microsoft
    07/01/2007 19:16 <REP> Mozilla
    25/02/2007 19:41 <REP> Sun
    30/12/2006 16:03 <REP> Talkback
    30/12/2006 16:03 <REP> Thunderbird
    10/02/2007 11:50 <REP> Uniblue
    18/03/2007 18:59 <REP> uTorrent
    09/03/2007 22:56 <REP> Vso

    C:\Documents and Settings\Olivier\Local Settings\Application Data

    29/12/2006 23:21 <REP> Adobe
    06/03/2007 19:26 <REP> ApplicationHistory
    03/03/2007 15:59 <REP> Downloaded Installations
    06/03/2007 19:39 <REP> GameSpy
    17/03/2007 19:59 <REP> Google
    30/12/2006 12:32 <REP> Identities
    08/03/2007 17:55 <REP> Microsoft
    13/01/2007 12:38 <REP> Microsoft Help
    07/01/2007 19:16 <REP> Mozilla
    12/01/2007 18:43 <REP> Oblivion
    13/01/2007 14:19 <REP> PCHealth
    30/12/2006 16:03 <REP> Thunderbird

    ____________________________________________

    ## Listing des dossiers dans C:\Program Files

    29/12/2006 23:11 <REP> Adobe
    30/12/2006 15:29 <REP> Ahead
    20/02/2007 23:04 <REP> Alcatel
    30/12/2006 00:09 <REP> Alcohol Soft
    29/12/2006 17:31 <REP> Alwil Software
    30/12/2006 12:41 <REP> ArcSoft
    30/12/2006 13:21 <REP> Ashampoo
    30/01/2007 21:07 <REP> BoontyGames
    30/12/2006 12:42 <REP> Caere
    19/03/2007 19:11 <REP> CCleaner
    19/03/2007 19:03 <REP> CleanUp!
    29/12/2006 16:46 <REP> ComPlus Applications
    30/12/2006 13:28 <REP> coverXP
    05/03/2007 19:28 <REP> Cyanide
    30/12/2006 15:31 <REP> CyberLink
    04/01/2007 16:35 <REP> DIFX
    30/12/2006 13:31 <REP> DVD Shrink
    03/03/2007 20:23 <REP> Electronic Arts
    25/02/2007 00:04 <REP> ESET
    25/02/2007 19:39 <REP> Fichiers communs
    06/01/2007 01:20 <REP> FlashGet
    17/03/2007 19:59 <REP> Google
    29/12/2006 23:54 <REP> Grisoft
    30/12/2006 12:35 <REP> Hewlett-Packard
    30/12/2006 12:34 <REP> hp deskjet 5550 series
    08/02/2007 19:09 <REP> IGN
    10/02/2007 18:51 <REP> Internet Download Manager
    24/02/2007 23:58 <REP> Internet Explorer
    13/01/2007 19:10 <REP> IZArc
    25/02/2007 19:40 <REP> Java
    29/12/2006 23:10 <REP> Lavasoft
    30/12/2006 12:21 <REP> Logitech
    31/12/2006 16:52 <REP> Messenger
    29/12/2006 16:49 <REP> microsoft frontpage
    13/01/2007 14:35 <REP> Microsoft Office
    13/01/2007 14:35 <REP> Microsoft Visual Studio
    29/12/2006 17:01 <REP> Movie Maker
    18/03/2007 19:08 <REP> Mozilla Firefox
    02/03/2007 15:21 <REP> Mozilla Thunderbird
    08/02/2007 18:43 <REP> MSBuild
    29/12/2006 16:46 <REP> MSN
    29/12/2006 16:46 <REP> MSN Gaming Zone
    09/02/2007 14:52 <REP> MSN Messenger
    13/01/2007 12:05 <REP> MSXML 4.0
    09/02/2007 15:12 <REP> Multi_Media
    29/12/2006 17:00 <REP> NetMeeting
    13/01/2007 15:41 <REP> NVIDIA Corporation
    13/01/2007 15:19 <REP> OO Software
    31/12/2006 17:03 <REP> Outlook Express
    08/02/2007 18:41 <REP> Reference Assemblies
    29/12/2006 16:46 <REP> Services en ligne
    10/02/2007 11:51 <REP> Spybot - Search & Destroy
    30/12/2006 13:15 <REP> ToniArts
    25/02/2007 19:37 <REP> uTorrent
    30/12/2006 15:36 <REP> vso
    29/12/2006 18:34 <REP> Western Digital Technologies
    31/12/2006 19:45 <REP> Windows Media Connect 2
    31/12/2006 19:44 <REP> Windows Media Player
    29/12/2006 17:00 <REP> Windows NT
    08/02/2007 19:00 <REP> WinRAR
    29/12/2006 16:49 <REP> xerox

    _________________________________________________________________

    ## Recherche dans le registre

    # Clés de démarrage :

    _________________________________________________________________

    ## Modification du fichier Hosts

    127.0.0.1= Url bloquée Autre= Redirection

    _________________________________________________________________

    # Popups autorisées

    * Internet Explorer

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow
    *.ogame259.de REG_BINARY

    * Mozilla Firefox (1 autorisé 2 interdit)

    host popup 1 www.developpez.net
    host popup 1 www.ledivx.com
    host popup 1 www.emule-mania.com
    host popup 1 diablo2.judgehype.com
    host popup 1 www.jeuxanimes.com
    host popup 1 www.abannonces.com
    host popup 1 www.grandtheftauto.fr

    * Suite Mozilla / SeaMonkey (1 autorisé 2 interdit)

    _________________________________________________________________

    ## Zones de sécurité

    * HKCU Domains (4)

    * P3P History (5)

    _________________________ Fin du rapport ________________________
  8. zBr
     
    OK, as far as I'm concerned, the infection has been removed.
    In future, avoid like the plague downloading any of these BitTorrent clients:
    BitDownload, BitGrabber, BitRoll, TorrentQ, Torrent101,
    or NetPumper as a download accelerator.
    They all install spyware or a "sponsor" that throws up ads every 30 seconds using IE and collects personal information about your browsing habits...
    I see you have CCleaner; you should use it to do a bit of cleaning up.
    Finally, one last check: go here (with Internet Explorer):
    https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    And have the online AV scan your whole PC, just to be sure everything really is OK.
    Post the report if it detects anything.

    See you
  9. JamaisContent
     
    OK, Kaspersky didn't detect anything. I had just installed CCleaner after reading discussions on the forum about iexplore.exe.

    Well, there you go, a big thank you for your help. Have a good evening/night; I'm off to bed relieved, lol.

    See you
  10. titil
     
    Hello, I have the same problem, and after Norton, Multi Virus Cleaner 2008, AntiVir and Ad-Aware 2007, nothing works: the 2 IEXPLORER processes are still there and take up a lot of space (80,000 KB, and the second one 10,000 KB), with 512 of RAM.
    Can anyone help me? My computer is crawling terribly. Here is my HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:01:07, on 23/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\keyhook.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\sistray.exe
    C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Ségolène\Local Settings\Temporary Internet Files\Content.IE5\T1G4FSAJ\HiJackThis[1].exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.acer.com/worldwide/selection.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [ROAD ITCH AMOK PING] C:\Documents and Settings\All Users\Application Data\Long slow road itch\Flag Build.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"
    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe" -autorun
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [book ante] C:\DOCUME~1\SÉGOLÈNE\APPLIC~1\ELSEPL~1\AXISNEW.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://segolobregain.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe